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DETAILED ACTION 

1. Claims 1-21 are examined. 

Drawings 

2. FIG. 3 is objected to under 37 CFR 1 .83(a) because they fail to show the 'Yes' and 'No' output as 
described in the specification [see the last paragraph in page 9]. Any structural detail that is essential for 
a proper understanding of the disclosed invention should be shown in the drawing. MPEP § 608.02(d). 
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to 
avoid abandonment of the application. Any amended replacement drawing sheet should include all of the 
figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. 
The figure or figure number of an amended drawing should not be labeled as "amended." If a drawing 
figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where 
necessary, the remaining figures must be renumbered and appropriate changes made to the brief 
description of the several views of the drawings for consistency. Additional replacement sheets may be 
necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the 
filing date of an application must be labeled in the top margin as either "Replacement Sheet" or "New 
Sheet" pursuant to 37 CFR 1 .121(d). If the changes are not accepted by the examiner, the applicant will 
be notified and informed of any required corrective action in the next Office action. The objection to the 
drawings will not be held in abeyance. 

Claim Rejections - 35 USC §102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 
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(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-21 are rejected under 35 U.S.C. 102(e) as being anticipated by O'Flaherty et al. 
(US 6,275,824 B1), referred as " O'Flaherty " hereinafter 

As per Claim 1 , O'Flaherty teaches, 

A data security system [see abstract], comprising: an implicit clearance system [see FIG. 6; 
STANDARD VIEW 260 - ROUTINE DSS APPLICATIONS 110 A in FIG.2A; and for example, col.8, lines 
1 6-45, "The standard view 260 will not present personal data unless either the flag in column 224 
(indicating that the personal information and identifying information can be disseminated) or 226 
(indicating that personal information can only be disseminated anonymously) is activated. Hence, the 
standard view 260 selectively masks personal data from view unless the consumer has had the 
appropriate flags set to the proper value..."]; 

an explicit clearance system [see FIG.5; METADATA MONITORING EXTENSIONS 114 in FIG.1 
& FIG.5; ACCESS LOG 402 in FIG.4; and for example, col.4, lines 37-60, "....all access to the data 
stored in the extended database 106 is provided solely through the dataview suite 108... third party 
applications 112 have access only to such data as permitted by the database view provided. . . 
limiting access to the data stored in the extended database 106 to access provided by the privacy 
dataview suite 1 08 for purposes of (1) implementing privacy rules provides the capability to make the 
personal data anonymous ...(2) to restrict access to opted-out columns, which can apply to all personal 
data, separate categories of personal data, or individual data columns, and (3) to exclude entire rows 
(customer records) for opt-out purposes based on customer opt-outs ..."]; 

a field level clearance system [see FIG.8; PRIVILEGED VIEW 262 - PRIVILEGED 
APPLIACTIONS 110B in FIG.2A; and for example, col.8, line 46 to col.9, line 14, "The privileged view 
262 permits viewing, analysis, and alteration of all information. The privileged view 262 will be supplied 
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only to privileged ...and to those applications which handle privacy related functions ...example, the client 
interface module 212, which is used to view, specify, and change consumer privacy preferences, is a 
privileged application. Appropriate security measures are undertaken to assure that the privileged 
applications are suitably identified as such, and to prevent privileged view 262 access by any entity that is 
not so authorized..."]; and 

a data anonimization system [see FIG.7; ANONYMIZING VIEW - ANALYTICAL 
APPLICATIONS 110C in FIG.2A; and for example, col.9, lines 15-54, "The anonymizing view 264 
permits the viewing and analysis of personal information, but screens the information stored in the identity 
information portion 204 from view or analysis unless the flag in the column 224 ...is selected... permit data 
mining and ad-hoc queries. If the consumer permits, this information may also be provided to third party 
applications 112..."]. 

As per Claim 12 , O'Flaherty teaches, 

A program product stored on a recordable medium for providing data security, the program 
product comprising: means for selectively requiring a user to have explicit permission in order to access a 
set of data [see FIG.5; METADATA MONITORING EXTENSIONS 114 in FIG. 1; ACCESS LOG 402 in 
FIG.4; and for example, col. 4, lines 37-60]; 

means for requiring the user to meet any one of a set of implicit conditions in order access the set 
of data [see FIG.6; STANDARD VIEW 260 - ROUTINE DSS APPLICATIONS 110 A in FIG.2A; and for 
example, col. 8, lines 16-45]; 

means for limiting access to data records by restricting the user to a predefined view [see FIG. 8; 
PRIVILEGED VIEW 262 - PRIVILEGED APPLIACTIONS 110B in FIG.2A]; and for example, col.8, line 
46 to col.9, line 14, wherein the predefined view displays a predetermined set of data fields from the data 
records [see CUSTOMER TABLES in FIGS.2A-3C]; and 

means for replacing a data element in a data record with a unique identifier in order to create an 
anonymous data record [see FIG.7; ANONYMIZING VIEW - ANALYTICAL APPLICATIONS 110C in 
FIG.2A; and for example, col.9, lines 15-54]. 
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As per Claim 17 , O'Flaherty teaches, 

A method for providing data security, comprising: selectively replacing data elements in data 
records with unique identifiers as the data records are being stored in a data warehouse in order to create 
anonymous data records [see FIG.7; ANONYMIZING VIEW - ANALYTICAL APPLICATIONS 110C in 
FIG.2A; and for example, col. 9, lines 15-54]; 

selectively requiring a user to have explicit permission in order to access a set of the data records 
[see FIG.5; METADATA MONITORING EXTENSIONS 114 in FIG.1; ACCESS LOG 402 in FIG.4; and for 
example, col.4, lines 37-60]; 

requiring the user to meet any one of a set of implicit conditions in order access the set of the 
data records if explicit clearance is not required [see FIG. 6; STANDARD VIEW 260 - ROUTINE DSS 
APPLICATIONS 110 A in FIG.2A; and for example, col.8, lines 16-45]; and 

limiting access to data records by restricting the user to a predefined view [see FIG. 8; 
PRIVILEGED VIEW 262 - PRIVILEGED APPLIACTIONS 110B in FIG.2A; and for example, col.8, line 46 
to col. 9, line 14], wherein the predefined view displays a predetermined set of data fields from the data 
records [see CUSTOMER TABLES in FIGS.2A-3C]. 

As per Claim 2 , O'Flaherty teaches, 

wherein the implicit clearance system comprises a mechanism for setting up a plurality of filters 
for a set of data [see FIGS.2A-3C - where O'Flaherty discloses plurality of filters 210, 212, SECURITY 
INFORMATION - CAT1, CAT2, CAT3], and wherein a user is granted permission to the set of data if the 
user meets a condition of at least one filter [see for example, col. 2, lines 57-67]. 

As per Claim 3 , O'Flaherty teaches, 

wherein the set of data is selected from the group consisting of: a row of data [see EXTENDED- 
RULES-TRUSTED-ANONYMIZED DATABASE in FIGS.1, 9 and 10], a data table [see CUSTOMER 
TABLES in FIGS.2A-3C], and a data field [see CUSTOMER BASE TABLES in FIG.1 1]. 
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Claim 6 is rejected for the same reasons applied to the rejection of Claim 3. 
As per Claim 4 , O'Flaherty teaches, 

wherein the implicit clearance system comprises a table for each filter, wherein each table lists all 
user ID'S that meet the condition of an associated filter [see CUSTOMER TABLES in FIGS.2A-3C - 
where O'Flaherty discloses ID's; e.g., ACCT NO. associated with filters 210, 212, SECURITY 
INFORMATION -CAT1, CAT2, CAT3]. 

As per Claim 5 , O'Flaherty teaches, 

wherein the explicit clearance system comprises a mechanism for requiring explicit permission to 
an area of data [see FIG.5; METADATA MONITORING EXTENSIONS 114 in FIG.1; ACCESS LOG 402 
in FIG.4; and for example, col. 4, lines 37-60], and wherein a user is granted permission to the area of 
data only if explicit permission has been granted [see for example, col. 2, lines 57-67, "... a database 
management system, for storing and retrieving data from a plurality of database tables wherein the data 
in the database tables is controllably accessible according to privacy parameters stored in the 
database table, . . . and controlling access to the data within the database tables according to the 
privacy parameters, and ...for validating enforcement of the data privacy parameters in the 
database management system"]. 

As per Claim 7 , O'Flaherty teaches, 

wherein the explicit clearance system comprises: an explicit areas table that defines all areas of 
data that require explicit clearance [see FIG.5; METADATA MONITORING EXTENSIONS 114 in FIG.1; 
ACCESS LOG 402 in FIG.4; and for example, col.4, lines 37-60]; and a set of ID tables that define those 
users who have explicit clearance for each of the areas requiring explicit permission [see CUSTOMER 
TABLES in FIGS.2A-3C]. 

Claims 13 and 18 are rejected for the same reasons applied to the rejection of Claim 7. 
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As per Claims 8 and 9 , O'Flaherty teaches, 

wherein the field level clearance system controls access to data types by restricting a user to a 
predefined view [see FIG.8; PRIVILEGED VIEW 262 - PRIVILEGED APPLIACTIONS 110B in FIG.2A; 
and for example, col. 8, line 46 to col. 9, line 14], wherein the predefined view displays a predetermined set 
of data fields; and wherein the field level clearance system includes a set of data type tables that dictates 
data types available to each of a plurality of users [see FIGS.2A-3C]. 

As per Claims 10 and 11 , O'Flaherty teaches, 

wherein the anonimization system provides a mechanism for replacing a data element in a data 
record with a unique identifier in order to keep the data record anonymous; and a reference table for each 
data field that is to be kept anonymous, wherein each reference table includes a list of anonimized data 
elements and an associated unique identifier; and a mechanism for generating a new unique identifier for 
a data element that does not exist in the list of anonimized data elements [see OPT-OUT VIEW 266 in 
FIG.2B and FIGS.3C and 1 1 -where O'Flaherty discloses anonimization techniques and plurality of 
viewing modes]. 

Claims 16 and 21 are rejected for the same reasons applied to the rejection of Claim 1 1 . 
As per Claim 14 , O'Flaherty teaches, 

wherein the means for requiring the user to meet any one of a set of implicit conditions comprises 
means for storing a set of acceptable user ID's for each of the implicit conditions [see CUSTOMER 
TABLES in FIGS.2A-3C - where O'Flaherty discloses ID's; e.g., ACCT NO. associated with filters 210, 
212, SECURITY INFORMATION - CAT1, CAT2, CAT3\. 

Claim 19 is rejected for the same reasons applied to the rejection of Claim 14. 



As per Claim 15 , O'Flaherty teaches, 
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wherein the means for limiting access to a data record includes means for associating each of a 
plurality of users with one of the predefined views [see STANDARD-PREVILEGED-ANONYMIZED- 
OPTOUT VIEWS in FIGS.2A-3A, 3C and 1 1]. 

Claim 20 is rejected for the same reasons applied to the rejection of Claim 15. 

Conclusion 

4. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
(See PTO-892). 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to AMARE TABOR whose telephone number is (571)270-3155. The examiner can normally 
be reached on Mon-Fri 8:00a.m. to 5:00p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative 
or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 
1000. 



Amare Tabor 
(AU2139) 
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